The Java remote debugging feature allows arbitrary commands to be executed remotely, so it is prohibited by default in production. If it is needed in a BETA/DEV environment, it must listen on 127.0.0.1 so that it cannot be invoked remotely.
How to listen on 127.0.0.1
Set the address in the Java remote debugging parameters to 127.0.0.1 and restart the Java program.
There are two ways to turn on the Java debug service; use one of the following sets of startup parameters.
Java startup parameters for remote debugging
java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:<port>
java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=127.0.0.1:<port>
Note: Tomcat's startup parameters are modified in startenv.sh.
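To confirm that a JVM really was started with a loopback-only debug address, the following added example (not part of the original article) classifies the JDWP parameters found in a command line. The function names, verdict labels and sample command lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the JDWP bind address in one JVM command line.
# Prints one of: none | loopback | default-host | exposed
classify_jdwp() {
    cmdline=$1
    # Option string that follows -agentlib:jdwp= or -Xrunjdwp:
    opts=$(printf '%s\n' "$cmdline" | tr ' ' '\n' |
        sed -n -e 's/^-agentlib:jdwp=//p' -e 's/^-Xrunjdwp://p' | head -n 1)
    [ -n "$opts" ] || { echo none; return 0; }
    # Value of the address= sub-option (may be empty)
    addr=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^address=//p' | head -n 1)
    case $addr in
        127.0.0.1:*|localhost:*) echo loopback ;;
        # Any other host part, including * and 0.0.0.0
        *[!0-9]*) echo exposed ;;
        # Bare port or no address: the bind host is the JVM default
        # (all interfaces before JDK 9, localhost only from JDK 9)
        *) echo default-host ;;
    esac
}

# Print "PID<TAB>verdict" for every running process that carries JDWP options.
audit_running_jvms() {
    ps -e -o pid= -o args= | while read -r pid args; do
        verdict=$(classify_jdwp "$args")
        [ "$verdict" = none ] || printf '%s\t%s\n' "$pid" "$verdict"
    done
}

# Constructed sample command lines (not taken from a real host).
for sample in \
    'java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=127.0.0.1:50002 -jar app.jar' \
    'java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=50002 -jar app.jar' \
    'java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:50002 -jar app.jar'
do
    printf '%-12s %s\n' "$(classify_jdwp "$sample")" "$sample"
done
```

Run audit_running_jvms on a host to list its debug-enabled JVMs; anything other than loopback should be restarted with address=127.0.0.1:<port>.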
How to debug remotely
On the machine with Java debug enabled, use the socat command to map a port, debug remotely through the mapped port, and stop the socat command when debugging is finished.
The command is as follows, where listen_port is the socat listening port, dest_port is the Java debug listening port, and source_ip is the IP of the client doing the debugging.
socat command
socat TCP4-LISTEN:<listen_port>,fork,range=<source_ip>/32 TCP4:127.0.0.1:<dest_port>
If socat is not installed on the machine, install it with the following command
sudo yum install socat
Example
The server's IP address is 192.168.254.219, the local machine's IP address is 10.86.14.35, and the server's Java debug service listens on 127.0.0.1:50002. To debug the server remotely from the local machine:
1. Log in to the server and use socat for port mapping:
socat TCP4-LISTEN:50001,fork,range=10.86.14.35/32 TCP4:127.0.0.1:50002
2. Set up remote debugging in IDEA with host IP 192.168.254.219 and port 50001.